Show audit rules per object #716
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# GitHub action recipe | |
# preconditions: | |
# - Install Java | |
# > wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.rpm | |
# > rpm -Uvh jdk-17_linux-x64_bin.rpm && rm jdk-17_linux-x64_bin.rpm | |
# - Install Chromium for the dependencies needed by playwright: | |
# - Install jRuby | |
# > curl -sSL https://get.rvm.io | bash | |
# > source "$HOME/.rvm/scripts/rvm" | |
# > rvm install ${JRUBY_VERSION} | |
# > rvm --default use ${JRUBY_VERSION} | |
# > gem install bundler | |
name: Panorama CI | |
on: | |
push: | |
schedule: | |
# * is a special character in YAML so you have to quote this string, runs each day to keep the free autonomous DB alive | |
- cron: '0 0 * * *' | |
jobs: | |
setup: | |
runs-on: self-hosted | |
steps: | |
- name: Remove orphanded DB containers older than 1 hour from previous runs | |
run: | | |
docker ps --filter "name=DB*" | grep "hours ago\|days ago|weeks ago" | awk '{print $1}' | xargs -r docker rm -f | |
# !!! Remember to adjust the "needed" jobs in build_docker and build_jar if changing the test jobs here !!! | |
test_autonomous_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "autonomous", container: "PDB", max_parallel: 1 }, secrets: "inherit"} | |
test_11_2-ee: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "11.2.0.4-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_12_1-ee: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "12.1.0.2-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_12_2-ee_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "12.2.0.1-ee", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_12_2-ee_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "12.2.0.1-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
#test_18_3-ee_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "18.3.0.0-ee", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
#test_18_3-ee_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "18.3.0.0-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_18_4-xe_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "18.4.0.0-xe", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_18_4-xe_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "18.4.0.0-xe", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
#test_19_10-ee_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "19.10.0.0-ee", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_19_10-ee_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "19.10.0.0-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_19_10-se2_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "19.10.0.0-se2", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_19_10-se2_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "19.10.0.0-se2", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_21_3-ee_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "21.3.0.0-ee", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_21_3-ee_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "21.3.0.0-ee", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_21_3-se2_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "21.3.0.0-se2", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_21_3-se2_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "21.3.0.0-se2", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
# test_23_4-free_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "21.4-free", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
test_23_5-free_CDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "23.5.0.24-free", container: "CDB", max_parallel: 4 }, secrets: "inherit"} | |
test_23_5-free_PDB: { uses: "rammpeter/panorama/.github/workflows/run_tests.yml@master", needs: [setup], with: { db_version: "23.5.0.24-free", container: "PDB", max_parallel: 4 }, secrets: "inherit"} | |
build_docker: | |
runs-on: self-hosted | |
needs: [test_autonomous_PDB, test_11_2-ee, test_12_1-ee, test_12_2-ee_CDB, test_12_2-ee_PDB, test_18_4-xe_CDB, test_18_4-xe_PDB, test_19_10-ee_PDB, test_19_10-se2_CDB, test_19_10-se2_PDB, test_21_3-ee_CDB, test_21_3-ee_PDB, test_21_3-se2_CDB, test_21_3-se2_PDB] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Get version numbers | |
run: | | |
echo "JRUBY_VERSION=`cat .ruby-version | cut -c 7-13`" >> $GITHUB_ENV | |
echo JRUBY_VERSION=$JRUBY_VERSION | |
PANORAMA_VERSION=`cat config/application.rb | grep "VERSION =" | cut -d " " -f5 | sed "s/'//g"` | |
echo "PANORAMA_VERSION=$PANORAMA_VERSION" >> $GITHUB_ENV | |
echo PANORAMA_VERSION=$PANORAMA_VERSION | |
- name: Build and local push Docker image | |
run: | | |
for FROM in `grep "^FROM" Dockerfile | grep -v scratch | awk '{print $2}' | tail -n1`; do | |
echo "Ensure using latest version of $FROM" | |
docker pull $FROM | |
done | |
docker build --build-arg JRUBY_VERSION=$JRUBY_VERSION -t ghcr.io/rammpeter/panorama:latest . | |
docker login -u rammpeter -p ${{ secrets.GITHUB_TOKEN }} ghcr.io | |
docker push ghcr.io/rammpeter/panorama:latest | |
- name: Test Docker image | |
run: | | |
echo "Test docker image" | |
- name: Final push Docker image | |
run: | | |
# Check if release already exists | |
# Ensure that exit code != 0 does not stop the build | |
set +e | |
docker pull ghcr.io/rammpeter/panorama:$PANORAMA_VERSION | |
if [[ $? -eq 1 ]];then | |
echo "Image with release $PANORAMA_VERSION does not exist, deploying" | |
set -e | |
docker tag ghcr.io/rammpeter/panorama:latest ghcr.io/rammpeter/panorama:$PANORAMA_VERSION | |
docker push ghcr.io/rammpeter/panorama:$PANORAMA_VERSION | |
docker login -u rammpeter -p ${{ secrets.DOCKER_IO_API_KEY }} docker.io | |
docker tag ghcr.io/rammpeter/panorama:latest docker.io/rammpeter/panorama:$PANORAMA_VERSION | |
docker push docker.io/rammpeter/panorama:$PANORAMA_VERSION | |
docker tag ghcr.io/rammpeter/panorama:latest docker.io/rammpeter/panorama:latest | |
docker push docker.io/rammpeter/panorama:latest | |
else | |
echo "Image with release $PANORAMA_VERSION already exists, no deployment" | |
fi | |
build_jar: | |
runs-on: self-hosted | |
needs: [test_autonomous_PDB, test_11_2-ee, test_12_1-ee, test_12_2-ee_CDB, test_12_2-ee_PDB, test_18_4-xe_CDB, test_18_4-xe_PDB, test_19_10-ee_PDB, test_19_10-se2_CDB, test_19_10-se2_PDB, test_21_3-ee_CDB, test_21_3-ee_PDB, test_21_3-se2_CDB, test_21_3-se2_PDB] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: Get version numbers | |
run: | | |
echo "JRUBY_VERSION=`cat .ruby-version | cut -c 7-13`" >> $GITHUB_ENV | |
echo JRUBY_VERSION=$JRUBY_VERSION | |
PANORAMA_VERSION=`cat config/application.rb | grep "VERSION =" | cut -d " " -f5 | sed "s/'//g"` | |
echo "PANORAMA_VERSION=$PANORAMA_VERSION" >> $GITHUB_ENV | |
echo PANORAMA_VERSION=$PANORAMA_VERSION | |
- name: Build jar | |
run: | | |
source "$HOME/.rvm/scripts/rvm" | |
rvm use --default jruby-$JRUBY_VERSION | |
bundle config deployment 'true' | |
bundle install --jobs 4 | |
# Jarbler should not be part of Panorama.jar, therefore installed separately | |
gem install jarbler | |
./build_jar.sh | |
- name: Archive Panorama.jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Panorama.jar | |
path: Panorama.jar | |
- name: Test Panorama.jar | |
run: | | |
echo "Test Panorama.jar" | |
test/test_panorama_jar.sh | |
- name: Final deploy Panorama.jar | |
run: | | |
# Ensure that exit code != 0 does not stop the build | |
set +e | |
# Scan all releases for the version | |
curl -L -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/rammpeter/panorama/releases | grep tag_name | grep "$PANORAMA_VERSION" | |
if [[ $? -eq 1 ]];then | |
echo "Release with version $PANORAMA_VERSION does not exist, deploying" | |
set -e | |
# Create release | |
RES=`curl -L -X POST --silent \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
https://api.github.com/repos/rammpeter/panorama/releases \ | |
-d "{\"tag_name\":\"v$PANORAMA_VERSION\",\"target_commitish\":\"master\",\"name\":\"Release $PANORAMA_VERSION\",\"body\":\"Continous development\",\"draft\":false,\"prerelease\":false,\"generate_release_notes\":false}"` | |
RELEASE_ID=`echo $RES | jq ".id"` | |
if [[ "$RELEASE_ID" == "null" ]]; then | |
echo "Release creation failed! Response was:" | |
echo $RES | |
exit 1 | |
fi | |
# Add asset to release | |
RES=`curl -L -X POST --silent \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Content-Type: application/octet-stream" \ | |
--data-binary @Panorama.jar \ | |
"https://uploads.github.com/repos/rammpeter/panorama/releases/$RELEASE_ID/assets?name=Panorama.jar&label=Panorama.jar:%20Download%20and%20start%20with%20\"java%20-jar%20Panorama.jar\""` | |
URL=`echo $RES | jq ".url"` | |
if [[ "$URL" == "null" ]]; then | |
echo "Asset creation for release failed! Response was:" | |
echo $RES | |
exit 1 | |
fi | |
else | |
echo "Release with version $PANORAMA_VERSION already exists, no deployment" | |
fi | |